Sniffing Dial-up Traffic

To sniff traffic on a modem connection to an analog or digital branch exchange (in other words, not a cable modem), the attacker has to reprogram the provider's router, which isn't a trivial task. However, most providers configure their routers so carelessly that intruders need only rejoice and listen to other people's traffic. For the most part, this traffic consists of odds and ends of senseless garbage; occasionally, however, something interesting turns up even there (for example, mailbox passwords).

Sniffing dial-up traffic allows you to investigate all packets sent or received by your machine. When the modem's LED is blinking wildly although neither the browser nor the mail client is active and you are not downloading any files, it is worth finding out who is trying to connect to the network, what it is trying to transmit, and where. This is where a local sniffer is useful.

Not all sniffers support PPP connections, although from a technical point of view capturing PPP traffic is much easier than capturing Ethernet traffic. With PPP, there is no need to switch the adapter to promiscuous mode; it is enough to create a raw IP socket. Nevertheless, if the operating system creates a virtual network adapter for the PPP connection, the situation becomes ambiguous: some drivers must be switched to promiscuous mode, and some do not require it. For more details, see the reference information for your operating system.
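The following local sniffer is an added example, not code from the book. It assumes a Linux/POSIX host and shows the raw IP socket approach described above, reporting who is talking to whom on your own machine; `pkt_info`, `parse_ipv4`, `show` and the sample packet are hypothetical names and constructed data.

```c
#include <stdio.h>
#include <stdint.h>
#include <string.h>
#include <unistd.h>
#include <netinet/in.h>
#include <sys/socket.h>

/* Summary of one IPv4 packet (hypothetical type for this example). */
struct pkt_info { uint8_t src[4], dst[4], proto; uint16_t sport, dport; };

/* Constructed sample (first 24 bytes): 192.0.2.10:1025 -> 198.51.100.7:110 */
const uint8_t sample_pkt[] = {
    0x45,0x00,0x00,0x28, 0x00,0x01,0x40,0x00, 0x40,0x06,0x00,0x00,
    0xC0,0x00,0x02,0x0A, 0xC6,0x33,0x64,0x07, 0x04,0x01,0x00,0x6E };

/* Raw IP sockets deliver data from the IPv4 header on. 0 = ok, -1 = malformed. */
int parse_ipv4(const uint8_t *b, size_t len, struct pkt_info *out) {
    if (len < 20 || (b[0] >> 4) != 4) return -1;
    size_t ihl = (size_t)(b[0] & 0x0F) * 4;        /* header length in bytes */
    if (ihl < 20 || ihl > len) return -1;
    out->proto = b[9];
    memcpy(out->src, b + 12, 4);
    memcpy(out->dst, b + 16, 4);
    out->sport = out->dport = 0;
    int frag0 = (((b[6] & 0x1F) << 8) | b[7]) == 0; /* ports only in fragment 0 */
    if (frag0 && len >= ihl + 4 &&
        (out->proto == IPPROTO_TCP || out->proto == IPPROTO_UDP)) {
        out->sport = (uint16_t)(b[ihl] << 8 | b[ihl + 1]);
        out->dport = (uint16_t)(b[ihl + 2] << 8 | b[ihl + 3]);
    }
    return 0;
}

static void show(const uint8_t *b, size_t len) {
    struct pkt_info p;
    if (parse_ipv4(b, len, &p) == 0)
        printf("%u.%u.%u.%u:%u -> %u.%u.%u.%u:%u proto %u\n", p.src[0], p.src[1], p.src[2],
               p.src[3], p.sport, p.dst[0], p.dst[1], p.dst[2], p.dst[3], p.dport, p.proto);
}

int main(void) {
    uint8_t buf[65535]; ssize_t n;
    show(sample_pkt, sizeof sample_pkt);           /* offline check of the parser */
    int s = socket(AF_INET, SOCK_RAW, IPPROTO_TCP); /* root/CAP_NET_RAW; no promiscuous mode */
    if (s < 0) { perror("socket"); return 1; }
    while ((n = recv(s, buf, sizeof buf, 0)) > 0) show(buf, (size_t)n);
    close(s);
    return 0;
}
```

On Linux, a raw IP socket of this kind delivers only inbound packets of the chosen protocol; seeing outbound packets as well requires a packet socket or libpcap.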



Shellcoder's Programming Uncovered
ISBN: 193176946X
EAN: 2147483647
Year: 2003
Pages: 164
